TrueCommand Nightly Development Documentation
This content follows experimental early release software. Pre-release software is intended for testing purposes only.
Configuring IDP SAML as SSO for TrueCommand SAML Service
TrueCommand allows identity provider (IDP) SAML single sign-on (SSO) configuration as of release 2.3.3. With IDP-SAML SSO you can configure a provider such as Okta, Auth0, OneLogin, or Google to provide TrueCommand SSO through the IDP SAML service dashboard instead of using the TrueCommand SAML sign-in option.
Security Assertion Markup Language (SAML) is an SSO standard for logging users into applications that require authentication credentials (like GitHub, Gmail, etc.). SSO works by transferring a known identity for a user to another location that provides services to the user. SAML accomplishes the transfer by exchanging digitally signed XML documents.
A SAML configuration requires an Identity Provider (IDP) and Service Provider (SP). When the IDP-SAML service provides the SSO, TrueCommand becomes the service provider.
IDP-SAML provider configuration settings and attributes can differ. This article provides general instructions, settings, and attributes for configuring an IDP-SAML SSO for TrueCommand as a cloud service provider.
TrueCommand IDP SAML does not support groups at this time.
TrueCommand requires configuring the general settings and a set of attributes.
Set support to PERSISTENT.
Download the IDP SAML metadata.
Download or copy/paste the single sign-in URL (https://)
Enter attributes as shown in the table below, with the underscore (attribute_name) if indicated.
For IDP SAML SSO, TrueCommand does not require the certificates from the IDP provider.
Define these attributes in the IDP SAML service provider:
Attribute | Value |
---|---|
Username | unique_name |
Full Name | given_name or display_name |
Email | mail or email |
Title | title |
Phone Number | telephone_number |